more-arw search

Small Business Internal Cotrols

Small Business Internal Controls Expert Dr. Sandy Richtermeyer

On May 14, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its new internal control framework. Business leaders might assume that the framework is only relevant for large, publicly traded organizations. President and CEO of IMA (the Institute of Management Accountants) Jeff Thomson, CMA, recently spoke with Xavier University Professor Dr. Sandy Richtermeyer, IMA’s representative on the COSO board, to discuss the importance of internal controls in small businesses and other types of organizations.

The following is an edited and condensed version of their conversation.

Jeff Thomson: Do the same tenets of internal controls and risk management apply equally to private and smaller, non-publicly traded companies?
Sandra Richtermeyer: Absolutely. I think that is where we have so much opportunity to have dialogue about our updated framework – with smaller entrepreneurial organizations, mid-sized companies, nonprofit organizations, and governmental organizations.

Why are internal controls important for small businesses?
Both small- and medium-sized organizations are such a key part of our economy. Anything we can do to strengthen their practices and procedures, how they adapt to changing business environments, how they approach risk, and how they manage growth will be extremely valuable.

How can small business owners pay more attention to internal controls?
Both our enterprise risk management framework and our internal control integrated framework can help them a great deal as they look at their own strategic goals and objectives and how they deliver their own mission, vision, and values. This framework gives them the background and the foundation they need to grow, adapt to changing business conditions, and look at increasingly global business models.  

I think that oftentimes business leaders look at these frameworks and think, “Oh no. These are too complex; these are too much for us.” But I think that financial professionals working within small- and medium-sized businesses will find these frameworks to be very valuable tools.

Do you believe organizations see good internal controls as good for business? Do some view them as an impediment to growth and innovation?
It’s really important for people to remember that frameworks, such as our internal control integrated framework or the enterprise risk management framework, are helpful tools for an organization. I know that sometimes when new frameworks, guidance, or compliance recommendations are released, oftentimes they’re viewed initially as a burden for accounting and finance leaders and their teams. And I think that sometimes we overlook their strategic importance and how they fit into the bigger picture.   

As accounting and finance professionals, we need to be on top of risk, and we need to be strategic partners in risk-planning discussions. The knowledge, skills, and capabilities of accounting and finance professionals can be incredibly helpful and add a lot of value to those conversations. They need to have a key seat at the table, not just follow rules and guidelines. It’s not a “check the box” kind of exercise; it’s a strategic exercise that, if done properly, absolutely has the potential to improve business performance and increase the likelihood that an organization will accomplish its strategic objectives.

What is the role of small-business CFOs and their teams to push internal controls?
Similar to a large organization, it’s absolutely critical for small-business CFOs to understand how their organization’s mission, vision, and strategic goals are more likely to be achieved if they understand risk management and how risk planning affects each of those foundational areas. This is important in organizations of all sizes and across all business models. Small businesses are a key element of our economy, and without the platform of a solid system of internal controls, it can be difficult for them to respond to rapidly changing business conditions or be flexible and adaptable to operate effectively in their supply chain. In addition, I believe they need to understand the relationship between risk management and how it sets the stage for a solid system of internal controls.

As professionals gain familiarity with or continue to use the COSO frameworks, they become more prepared to serve as leaders and provide guidance on how initiatives like this can impact their organization. I believe these frameworks provide the right base and can be very helpful. If professionals look at the strategic impact, the performance that’s enhanced by a solid foundation, a solid approach to risk management, and a solid internal control system, they’re more ready to take their organization to that next level.

For more information about the COSO framework, go to This article was provided by IMA, which is the worldwide association for accountants and financial professionals  in business.